This script is Copyright (C) 2012 Tenable Network Security, Inc.
The monitoring application hosted on the remote server has a remote
code execution vulnerability.
A flaw exists within the brstart.exe service, which listens by
default on TCP port 9002. When handling a specially crafted SMARTS
request the process extracts a user provided value to allocate a
buffer via sm_read_string_length then blindly copies user supplied
data into this buffer on the heap. A remote, unauthenticated attacker
can exploit this vulnerability to execute arbitrary code under the
context of the service.
Note that Cisco Unified Service Monitor prior to version 8.6, Cisco
Unified Operations Manager prior to version 8.6, and CiscoWorks LAN
Management Solution software releases 3.1, 3.2, and 4.0 are affected.
Also note that these Cisco products use a bundled EMC SMARTS
application server, in which the vulnerability resides. As such,
multiple EMC Ionix products (ESA-2011-029) are also affected, but they
are not checked by this plugin as they may have a different attack
See also :
Upgrade to Cisco Unified Operations Manager 8.6 or later
Upgrade to Cisco Unified Service Monitor 8.6 or later
Apply patch and upgrade for CiscoWorks LAN Management Solution
releases 3.1, 3.2, and 4.0, with detailed instructions at
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false